feat(ansible): add IoT VLAN 5 (192.168.5.0/24, szafa wifi)

MikroTik: add vlan5 interface, bridge VLAN entry (ether3 tagged),
IP 192.168.5.1/24, IPv6 from-pool, DHCP pool/server/network,
firewall rules allowing IoT internet-only (IPv4 and IPv6),
DNS input from vlan5.

OpenWrt: add switch VLAN 5 (WAN+CPU tagged), br-iot bridge on
eth0.5, iot interface, iot firewall zone (forward ACCEPT,
input REJECT).

Also remove ensure_order from all non-firewall api_modify tasks
as RouterOS does not support move on those paths.

ansible/roles/routeros/tasks/containers.yml

@@ -29,7 +29,6 @@
         value: y
     handle_absent_entries: remove
     handle_entries_content: remove_as_much_as_possible
-    ensure_order: true
 
 - name: Configure container mounts
   community.routeros.api_modify:
@@ -43,7 +42,6 @@
         src: /tmp1/tailscale-root
     handle_absent_entries: remove
     handle_entries_content: remove_as_much_as_possible
-    ensure_order: true
 
 - name: Configure tailscale container
   community.routeros.api_modify:
@@ -63,4 +61,3 @@
         workdir: /
     handle_absent_entries: remove
     handle_entries_content: remove_as_much_as_possible
-    ensure_order: true